diff --git a/Cargo.lock b/Cargo.lock
index fb5d6c4a..6fd23dc7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2707,6 +2707,7 @@ name = "stackable-krb5-provision-keytab" version = "0.0.0-dev" dependencies = [ "byteorder", + "clap", "futures 0.3.31", "krb5", "ldap3",
diff --git a/rust/krb5-provision-keytab/Cargo.toml b/rust/krb5-provision-keytab/Cargo.toml
index b90bca3e..66ab0c27 100644
--- a/rust/krb5-provision-keytab/Cargo.toml
+++ b/rust/krb5-provision-keytab/Cargo.toml
@@ -13,6 +13,7 @@ krb5 = { path = "../krb5" }
 stackable-secret-operator-crd-utils = { path = "../crd-utils" }
 byteorder.workspace = true
+clap.workspace = true
 futures.workspace = true
 ldap3.workspace = true
 native-tls.workspace = true
diff --git a/rust/krb5-provision-keytab/src/active_directory.rs b/rust/krb5-provision-keytab/src/active_directory.rs
index 8650538d..40cec945 100644
--- a/rust/krb5-provision-keytab/src/active_directory.rs
+++ b/rust/krb5-provision-keytab/src/active_directory.rs
@@ -95,6 +95,7 @@ pub struct AdAdmin<'a> {
 impl<'a> AdAdmin<'a> {
 pub async fn connect(
+ cluster_info_opts: &KubernetesClusterInfoOpts,
 ldap_server: &str,
 krb: &'a KrbContext,
 ldap_tls_ca_secret: SecretReference,
@@ -103,10 +104,7 @@ impl<'a> AdAdmin<'a> {
 schema_distinguished_name: String,
 generate_sam_account_name: Option,
 ) -> Result> {
- // We don't have the usual operator (e.g. CLI or env) options available here, so we can not pass in any special
- // options that can be set. An off-the-shelf Kubernetes client is sufficient here.
- let cluster_info_opts = KubernetesClusterInfoOpts::default();
- let kube = stackable_operator::client::initialize_operator(None, &cluster_info_opts)
+ let kube = stackable_operator::client::initialize_operator(None, cluster_info_opts)
 .await
 .context(KubeInitSnafu)?;
 let ldap_tls = native_tls::TlsConnector::builder()
diff --git a/rust/krb5-provision-keytab/src/main.rs b/rust/krb5-provision-keytab/src/main.rs
index 137762c0..30209790 100644
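Review bot: The new `cluster_info_opts` parameter on the public `AdAdmin::connect` (first hunk of active_directory.rs) has no documentation, and the second hunk deletes the only comment that explained how the Kubernetes client in this function is configured. From the visible lines the value is used solely in `initialize_operator(None, cluster_info_opts)`, so a doc line above `connect` such as `/// cluster_info_opts: options for the Kubernetes client that connect() builds via initialize_operator.` would record where the client's settings now come from. The parameter list and body of `connect` continue outside both hunks, so any existing doc comment on the function is not visible here.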
--- a/rust/krb5-provision-keytab/src/main.rs
+++ b/rust/krb5-provision-keytab/src/main.rs
@@ -4,9 +4,11 @@ use std::{
 io::{stdin, BufReader},
 };
+use clap::Parser;
 use krb5::{Keyblock, Keytab};
 use snafu::{ResultExt, Snafu};
 use stackable_krb5_provision_keytab::{AdminBackend, Request, Response};
+use stackable_operator::utils::cluster_info::KubernetesClusterInfoOpts;
 use tracing::info;
 mod active_directory;
@@ -67,12 +69,20 @@ enum Error {
 RemoveDummyFromKeytab { source: krb5::Error },
 }
+#[derive(clap::Parser)]
+pub struct Args {
+ #[command(flatten)]
+ pub cluster_info_opts: KubernetesClusterInfoOpts,
+}
+
 enum AdminConnection<'a> {
 Mit(mit::MitAdmin<'a>),
 ActiveDirectory(active_directory::AdAdmin<'a>),
 }
 async fn run() -> Result {
+ let args = Args::parse();
+
 let req = serde_json::from_reader::<_, Request>(BufReader::new(stdin().lock()))
 .context(DeserializeRequestSnafu)?;
 info!("initing context");
@@ -97,6 +107,7 @@ async fn run() -> Result {
 generate_sam_account_name,
 } => AdminConnection::ActiveDirectory(
 active_directory::AdAdmin::connect(
+ &args.cluster_info_opts,
 &ldap_server,
 &krb,
 ldap_tls_ca_secret,
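Review bot: `Args::parse()` at the top of `run()` (second main.rs hunk) makes clap print its own message and exit the process on an unknown or malformed argument, so that failure never passes through `run()`'s `Error` type, and `--help` output would go to stdout. The binary reads its `Request` as JSON from stdin; if the caller likewise parses stdout as the `Response` (not visible in this hunk), it would receive no structured error in that case. Consider `let args = Args::try_parse().context(ParseArgsSnafu)?;` together with a new `ParseArgs { source: clap::Error }` variant on `Error`. The last hunk shows only the `ActiveDirectory` arm consuming `args.cluster_info_opts`, so a `///` comment on `Args` saying the options configure the Kubernetes client of the Active Directory backend would also help; `run()` continues outside the hunk.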